Pwn2Own 2010: Google Chrome is the last man standing

Once again, it's Chrome's sandbox which is making things difficult. At last year's Pwn2Own, Charlie Miller had this to say:
Miller successfully targeted Safari on OS X using one of 20 exploits he had at the ready -- exploits which he uncovered using a simple 5-line Python script. "Tomorrow, I'm going to describe exactly how I found them, so hopefully that means Apple will replicate what I did and they'll find my 20 [bugs] and probably a lot more," Miller stated. "There are bugs in Chrome but they're very hard to exploit. I have a Chrome vulnerability right now but I don't know how to exploit it. It's really hard. They've got that sandbox model that's hard to get out of. With Chrome, it's a combination of things - you can't execute on the heap, the OS protections in Windows and the Sandbox."
The mobile Safari attack was particularly impressive, since running code on the iPhone requires a valid digital signature. By rearranging bits of pre-signed code, Halvar Flake of Zynamics was able to deliver a malicious payload via Safari and force the iPhone to cough up its complete SMS database. Contacts and messages were laid bare -- including deleted ones.
While most (if not all) of these exploits aren't being used in the wild, it's still an indication of just how scary the landscape of the Internet is right now. How do you stay safe? Google Chrome looks like a good choice, obviously, but there's another option: Opera.
As one participant put it, "I use Opera, but that's basically because it has a tiny market share and as far as I know, nobody is really interested in creating a drive-by download for Opera."
Gotta love security by obscurity -- am I right, Apple fans?
[via the Register and NeoWin]

Comments (18)

Nicknin10do Mar 25th 2010 9:35AM
So the reason why they didn't try Opera was because it is rarely used?
I was kinda hoping to see how opera would stack up there, guess not.
tc4001 Mar 25th 2010 10:04AM
Same thing here. On the bright side, this does make me feel justified for setting Opera as my default.
leniamonio Mar 25th 2010 12:21PM
We love chrome! As for the post
Steve Jobs: /facepalm "I'll hire those kids!" At least the hack isn't as bad as this cellphone spyware http://bit.ly/creepy-cellphone-spyware-unleashed
jennalokis Mar 25th 2010 10:00PM
@lenia you mean this? http://bit.ly/creepy-cellphone-spyware-unleashed
ty for the link
tclark Mar 25th 2010 11:37AM
What Chrome theme is that?
vinkap Mar 25th 2010 12:02PM
This is a perfect example of how big a joke the so-called "superior security of OSX compared to Windows" is. Security through obscurity will work for OSX only until they have a minuscule share of the market in comparison to Windows, which is a much bigger & lucrative target.
Hackers will always target platforms that have a large installed base. Look at how easily & quickly the iPhone OS (derived from desktop OSX) has been jailbroken every single time whenever there was a new version.
Before the fanboys start any flame war, here's a disclaimer: I use both Mac OSX and Windows on a daily basis and like/dislike both of them for various reasons.
ror Mar 25th 2010 12:29PM
correct me if I'm wrong, but weren't these attacks all "socially engineered"? meaning, they require you to visit an attack website
if so, then not clicking on risky links is your best protection
James Mar 27th 2010 9:22PM
Dude, the problem is not just when you go to l33th4x0rs.ru anymore -- malicious code can wind up almost anywhere through cross-site scripting, or malicious ads. You're only as safe as your browser (and its plugins, and extensions, and...)
ted Mar 25th 2010 4:19PM
According to Gizmodo, Chrome wasn't even targeted. If this is true, then why is Download Squad glorifying Chrome for being the last man standing?
Maybe you guys can help me out here...
Fu4ny Mar 27th 2010 3:06PM
Afaik, researchers prepare their exploits before the competition; no one chose Chrome because they don't have any exploit, or they can't even use it to hack the system.
There's a reason: a few days ago, Google released a number of commits that patch many exploits, making Chrome even harder to hack.
Lee Mathews Mar 25th 2010 11:20PM
Apple had a Safari patch-fest just prior, too...except, as reported...Miller took it down anyway.
ted Mar 26th 2010 1:59AM
Ok, thanks for the replies. I now understand :)
Lee Mathews Mar 26th 2010 9:18AM
I don't know about you, but the fact that no one even bothered to go after Chrome tells me it's pretty darn secure.
I think that's a little praiseworthy...
Fard Mar 26th 2010 3:49AM
So why is it that every year everything Apple goes down in record time, and yet still they are claimed to be the most secure products in the universe? Notice Miller said, Chrome on Windows is tough because of the security of both of those? So what's the deal?
Imapolicecar May 10th 2010 10:47AM
Because they are not hacked simultaneously. They are hacked in sequential order. Apple have been the first up for several years now which is why if they are hacked they are the first to go down.
estado_alvin Mar 27th 2010 4:31AM
Google Chrome FTW!!!
Usama Ahmad Mar 27th 2010 4:46PM
Ted is correct, Chrome was not targeted, much like Opera. Although Opera may be safe by virtue of security through obscurity, Chrome is more popular and gaining marketshare.
This article is flawed, the author did not do proper research and then used a quote from last year to justify the title.
Lee Mathews Mar 27th 2010 4:48PM
So tell me, Uhmad, since no one was interested in testing Chrome, what does that tell you?
More importantly, what does Charlie Miller's quote tell you about Chrome? It's very, very, very hard to exploit.
By virtue of not being attacked, it was, in fact, the last browser standing -- was it not?